github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-01-15 00:03:59 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Fixed handling of slightly diverging dependencies (e.g., different filename) when comparing scans. It used to be considered as two separate dependencies. This caused such dependencies to appear in both added and removed dependencies.

Browse Source
This commit is contained in:
Šesták Vít
2018-02-05 10:36:47 +01:00
parent d57b9aeb97
commit 8095deae70
1 changed files with 29 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
app/controllers/Statistics.scala
View File

@@ -34,7 +34,17 @@ object GroupedDependencyIdentifier{
)
}
final case class GroupedDependencyDetailedIdentifier(hashes: Hashes, identifiers: Seq[Identifier], evidence: Seq[Evidence], fileNames: Seq[String])
final case class CanonizedGroupedDependencyDetailedIdentifier(hashes: Hashes, identifiers: Seq[Identifier], evidence: Seq[Evidence], fileNames: Seq[String]) {
override def hashCode(): Int = 26+hashes.hashCode()
override def equals(obj: scala.Any): Boolean = obj match {
case similar: CanonizedGroupedDependencyDetailedIdentifier => similar.hashes.equals(hashes)
case _ => false
}
}
final case class GroupedDependencyDetailedIdentifier(hashes: Hashes, identifiers: Seq[Identifier], evidence: Seq[Evidence], fileNames: Seq[String]) {
def canonize: CanonizedGroupedDependencyDetailedIdentifier = CanonizedGroupedDependencyDetailedIdentifier(hashes = hashes, identifiers = identifiers, evidence = evidence, fileNames = fileNames)
}
object GroupedDependencyDetailedIdentifier{
def fromGroupedDependency(groupedDependency: GroupedDependency) = GroupedDependencyDetailedIdentifier(
@@ -45,7 +55,17 @@ object GroupedDependencyDetailedIdentifier{
)
}
final case class GroupedVulnerableDependencyDetailedIdentifier(hashes: Hashes, identifiers: Seq[Identifier], fileNames: Seq[String], vulnerabilities: Seq[String])
final case class CanonizedGroupedVulnerableDependencyDetailedIdentifier(hashes: Hashes, identifiers: Seq[Identifier], fileNames: Seq[String], vulnerabilities: Seq[String]) {
override def hashCode(): Int = 52+hashes.hashCode()
override def equals(obj: scala.Any): Boolean = obj match {
case same: CanonizedGroupedVulnerableDependencyDetailedIdentifier => hashes.equals(same.hashes)
case _ => false
}
}
final case class GroupedVulnerableDependencyDetailedIdentifier(hashes: Hashes, identifiers: Seq[Identifier], fileNames: Seq[String], vulnerabilities: Seq[String]) {
def canonize: CanonizedGroupedVulnerableDependencyDetailedIdentifier = CanonizedGroupedVulnerableDependencyDetailedIdentifier(hashes = hashes, identifiers = identifiers, fileNames = fileNames, vulnerabilities = vulnerabilities)
}
object GroupedVulnerableDependencyDetailedIdentifier{
def fromGroupedDependency(groupedDependency: GroupedDependency) = GroupedVulnerableDependencyDetailedIdentifier(
@@ -67,8 +87,10 @@ object Statistics{
implicit val evidenceWrites = Json.writes[Evidence]
implicit val groupedDependencyIdentifierWrites = Json.writes[GroupedDependencyIdentifier]
implicit val groupedDependencyDetailedIdentifierWrites = Json.writes[GroupedDependencyDetailedIdentifier]
implicit val canonizedGroupedDependencyDetailedIdentifierWrites = Json.writes[CanonizedGroupedDependencyDetailedIdentifier]
//implicit val groupedDependencyFormats = Json.format[GroupedDependency]
implicit val GroupedVulnerableDependencyDetailedIdentifierWrites = Json.writes[GroupedVulnerableDependencyDetailedIdentifier]
implicit val groupedVulnerableDependencyDetailedIdentifierWrites = Json.writes[GroupedVulnerableDependencyDetailedIdentifier]
implicit val canonizedGroupedVulnerableDependencyDetailedIdentifierWrites = Json.writes[CanonizedGroupedVulnerableDependencyDetailedIdentifier]
}
@@ -428,10 +450,11 @@ class Statistics @Inject()(
def compare[T](f: Result => Set[T]) = new SetDiff(f(selection.result), f(adHocReports))
Ok(Json.obj(
"vulnerabilities"->showDiff(compare(extractVulnerabilities))(),
"dependencies"->showDiff(compare(_.groupedDependencies.map(GroupedDependencyDetailedIdentifier.fromGroupedDependency).toSet))(),
"dependencies"->showDiff(compare(_.groupedDependencies.map(GroupedDependencyDetailedIdentifier.fromGroupedDependency(_).canonize).toSet))(),
"vulnerableDependencies"->showDiff(compare(_.vulnerableDependencies.map(_.hashes).toSet))(
mapAdded = h => GroupedVulnerableDependencyDetailedIdentifier.fromGroupedDependency(adHocReports.groupedDependenciesByHashes(h)),
mapRemoved = h => GroupedVulnerableDependencyDetailedIdentifier.fromGroupedDependency(selection.result.groupedDependenciesByHashes(h))
// TODO: consider better handling of divergent sets of vulnerabilities
mapAdded = h => GroupedVulnerableDependencyDetailedIdentifier.fromGroupedDependency(adHocReports.groupedDependenciesByHashes(h)).canonize,
mapRemoved = h => GroupedVulnerableDependencyDetailedIdentifier.fromGroupedDependency(selection.result.groupedDependenciesByHashes(h)).canonize
)
))
}